I like the netfilter / iptables firewall: it comes with Linux and is part of the kernel. Best of all, it has a rich feature set, is secure and is free of charge.

Netfilter / iptables can target:

IP source and destination addresses

TCP/UDP source and destination ports

Ethernet MAC source and destination addresses

Inbound and Outbound

Netfilter / iptables is by default a layer four stateful firewall. With a patch it can even work at layer seven as an application firewall. Furthermore, it has a bunch of advanced features, like:

Can do IP forwarding

Can do port forwarding

QoS / traffic limit

Filter according to user authentication

Time of day filtering

Change TTL

...

The only question is, which tool to use to configure it. There are some tools one can use to configure the netfilter firewall, like KMyFirewall, Guarddog, Shorewall, Webmin and ... Fwbuilder. I used to work with Checkpoint firewall - this may be the reason why I like the drag and drop Fwbuilder approach.

From the website: Firewall Builder is multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF as well as Cisco PIX and Cisco IOS extended access lists.

Setup

First, you need the software. The folks at Fwbuilder (www.fwbuilder.org) do not provide a Slackware package by default. If you want to start from scratch, grab the sources and compile them. The better and easier way is to grab the Slackware packages from here. You need the packages "fwbuilder" and "libfwbuilder". Install them with "installpkg".

NB: My package does not create a Fwbuilder menu link. You have to create one yourself; the fwbuilder executable is in /usr/bin.

Start fwbuilder for the first time

Define Firewall

There is no firewall defined at this point.

Enter a name for your firewall and choose "iptables" and "Linux 2.4/2.6".

Define your interfaces. You can do this automatically, provided you have SNMP installed, active and configured. Otherwise you have to do this manually.

You can also define an interface to have a dynamic IP address.

Check your "Host OS Settings"

Check your "Firewall Settings"

Object library

If you change to the "Standard" library you will find an almost complete set of predefined objects.

Create ruleset

Now you can create your rules by dragging and dropping objects from the left side. You can use the context menu to create additional rules or the rules menu on the top.

"Allow all" ruleset

You may want to have an "allow all" ruleset for testing purposes or similar use.

Masquerade ruleset

If you want to use your box as a router to connect your private network to the Internet, a masquerade rule is useful.
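
For reference, the masquerade policy described above can be written by hand as an iptables-restore ruleset with default-drop INPUT and FORWARD chains. This is an added example, not output from Fwbuilder's compiler and not code from the original article; the interface names (eth0 facing the Internet, eth1 facing the private network) and the 192.168.1.0/24 network are assumed sample values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a masquerading router.
# eth0/eth1 and 192.168.1.0/24 are assumed sample values, not from the article.

# Accept only plausible interface names (max 15 chars, no spaces or rule syntax).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Shape check for a.b.c.d/0-32 (octet ranges are not verified here).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_masq_ruleset WAN_IF LAN_IF LAN_NET
gen_masq_ruleset() {
    wan=$1; lan=$2; lan_net=$3
    { valid_iface "$wan" && valid_iface "$lan"; } ||
        { echo "invalid interface name" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "invalid LAN network" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments, e.g. to pipe it into
# "iptables-restore --test" (parse only, nothing is committed).
if [ "$#" -eq 3 ]; then gen_masq_ruleset "$@"; fi
```

The kernel must also have IP forwarding enabled (net.ipv4.ip_forward=1) before the FORWARD rules see any traffic. On old kernels without the conntrack match, "-m state --state" is the equivalent.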

Install policy

When you have finished creating your policy, install it. Choose "Compile" and "Install".

Choose a directory to save the compiled policy file (in this case /etc/fwbuilder).